<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<tt>Question was how to retrieve those lists for any given
certificate,<br>
using currently supported OpenSSL APIs.</tt><br>
<tt> </tt><br>
<tt>The lists of usage bits and extusage OIDs in any given
certificate<br>
are finite, even if the list of values that could be in other<br>
certificates is infinite.</tt><tt><br>
</tt> <br>
<tt> </tt>On 2021-07-16 06:44, Kyle Hamilton wrote:<br>
<blockquote type="cite"
cite="mid:CAPMEXDZeupAvSzVLRKTeK=h4-eS7yjKBmDoLhvEza60mwFmJQA@mail.gmail.com">
<pre wrap="">Also, OIDs for extendedKeyUsage can be defined per-application, so
there's no way to compile a full list of them.

-Kyle H

On Fri, Jul 16, 2021 at 4:23 AM Viktor Dukhovni
<a class="moz-txt-link-rfc2396E" href="mailto:openssl-users@dukhovni.org">&lt;openssl-users@dukhovni.org&gt;</a> wrote:
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">On 15 Jul 2021, at 11:55 pm, SIMON BABY <a class="moz-txt-link-rfc2396E" href="mailto:simonkbaby@gmail.com">&lt;simonkbaby@gmail.com&gt;</a> wrote:

I am looking for openssl APIs to get all the OIDs associated with user certificate Key usage extension. For example my sample Key usage extension from the certificate is below:

        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment

I am looking for the APIs used to get the OIDs associated with Digital Signature and Key Encipherment from the certificate.
</pre>
</blockquote>
<pre wrap="">There are no keyUsage OIDs, the field is a bitstring:

    <a class="moz-txt-link-freetext" href="https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3">https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3</a>

      id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }

      KeyUsage ::= BIT STRING {
           digitalSignature        (0),
           nonRepudiation          (1), -- recent editions of X.509 have
                                -- renamed this bit to contentCommitment
           keyEncipherment         (2),
           dataEncipherment        (3),
           keyAgreement            (4),
           keyCertSign             (5),
           cRLSign                 (6),
           encipherOnly            (7),
           decipherOnly            (8) }

There are OIDs in the extendedKeyUsage:

    <a class="moz-txt-link-freetext" href="https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12">https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12</a>
</pre>
</blockquote>
</blockquote>
<br>
<pre class="moz-signature" cols="72">Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. <a class="moz-txt-link-freetext" href="https://www.wisemo.com">https://www.wisemo.com</a>
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded</pre>
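<p>The point made in the thread that keyUsage is a BIT STRING rather than a list of OIDs, as an added example that is not part of the thread and is not OpenSSL code: a hand decoder for the DER value of the extension. The function name <tt>ku_decode</tt>, the mask layout (bit n of the mask is named bit n) and the sample bytes are assumptions made for illustration.</p>

```c
#include <stddef.h>
#include <stdio.h>

/* KeyUsage named bits (RFC 5280, section 4.2.1.3), indexed by bit number. */
static const char *const KU_NAMES[9] = {
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly"
};

/* Decode the DER BIT STRING that is the keyUsage extension value.
 * Returns a mask with (1 << n) set for each asserted bit n, -1 if malformed.
 * Bits above decipherOnly (8) are not defined and are ignored. */
int ku_decode(const unsigned char *der, size_t len)
{
    if (len < 4 || len > 5 || der[0] != 0x03)    /* tag 0x03, 1-2 content bytes */
        return -1;
    if ((size_t)der[1] != len - 2 || der[2] > 7) /* length, unused-bit count */
        return -1;
    if (der[len - 1] & ((1u << der[2]) - 1))     /* DER: padding bits are zero */
        return -1;
    int mask = 0;
    for (size_t n = 0; n < 9 && n < (len - 3) * 8 - der[2]; n++)
        if (der[3 + n / 8] & (0x80 >> (n % 8)))  /* bit 0 = MSB of first byte */
            mask |= 1 << n;
    return mask;
}

int main(void)
{
    /* Constructed sample: Digital Signature + Key Encipherment, as in the thread. */
    static const unsigned char sample[] = { 0x03, 0x02, 0x05, 0xA0 };
    int mask = ku_decode(sample, sizeof sample);
    if (mask < 0)
        return 1;
    for (int n = 0; n < 9; n++)
        if (mask & (1 << n))
            printf("bit %d: %s\n", n, KU_NAMES[n]);
    return 0;
}
```

<p>In OpenSSL itself, <tt>X509_get_key_usage()</tt> returns these bits as <tt>KU_*</tt> flags (with its own bit layout, not the mask used here), and <tt>X509_get_ext_d2i()</tt> with <tt>NID_ext_key_usage</tt> returns the extendedKeyUsage OIDs present in the certificate.</p>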
</body>
</html>